CLAIMS:

1. A method (300) for distributing data (25), within a network (11), between
a source consumer (50) and a destination consumer (250), the data originating from, and 
protected by predetermined intellectual property rights of, a third party (20), the method 
comprising: 

specifying (302) a first access condition associated with the data, the access 
condition based on the predetermined intellectual property rights; 

based on a request requesting transfer of the data from the source consumer to the 
destination consumer, and based on a service ticket issued by an authority associated with 
the source consumer, arranging (304) for authentication of the destination consumer; and 

after authentication of the destination consumer, based on a second access 
condition issued by an authority associated with the source consumer, arranging (306) for 
transfer of the data, via the network in a peer-to-peer manner, from the source consumer 
to the destination consumer, 

use (308) of the data by the destination consumer restricted in a manner specified 
by the first and second access conditions. 

2. The method according to claim 1, wherein the first access condition is 
further based on consumer characteristics (252) associated with the destination consumer. 

3. The method according to claim 2, wherein the consumer characteristics 
(252) comprise one of a destination consumer domain name, or destination consumer 
device identity. 

4. The method according to claim 1, further comprising the steps of: 
based on the service ticket, authenticating the destination consumer; and 
based on the first and second access conditions, transferring the data via the
network in a peer-to-peer manner, from the source consumer to the destination consumer.

5. The method according to claim 1, further comprising:

arranging for creation of a content license by the destination consumer based on 
the first and second access conditions. 

6. The method according to claim 5, wherein the use of the data by the 
destination consumer is restricted in a manner specified in the content license. 

7. The method according to claim 1, wherein the network comprises the 
Internet. 

8. The method according to claim 7, wherein the destination consumer 
comprises a set-top box. 

9. The method according to claim 1, wherein the step of arranging for 
authentication of the destination consumer comprises arranging for authentication of a 
gateway device (250) associated with the destination consumer. 

10. The method according to claim 1, further comprising: 
prior to arranging for transfer of the data, encrypting the data. 

11. The method according to claim 10, wherein the step of encrypting 
comprises forming ciphertext based on the data and an encryption key, according to a 
predetermined encryption routine. 

12. The method according to claim 10, further comprising: 
authenticating the data, after the data has been transferred. 

13. The method according to claim 1, wherein the access condition is based on 
a content license from a provider of the data. 

14. The method according to claim 13, wherein the content license is located
at the source consumer. 

15. The method according to claim 1, wherein the service ticket had been
obtained with a ticket granting server request/reply exchange between the destination 
consumer and a key distribution center associated with the source consumer, and 
authenticated using a ticket granting ticket encrypted with a cross-realm key. 

16. The method according to claim 15, wherein the step of arranging for
authentication of the destination consumer comprises establishing security associations 
between the key distribution center associated with the source consumer and a key 
distribution center associated with the destination consumer, using the shared cross-realm 
key. 

17. The method according to claim 1, wherein the service ticket is obtained 
based on an authentication server AS request/reply exchange between the destination 
consumer and a key distribution center associated with the source consumer, and 

wherein the destination consumer is authenticated with a digital authentication 
certificate associated with the destination consumer, the digital authentication certificate 
including a realm name of the destination consumer. 

18. The method according to claim 1, wherein the step of arranging for
transfer of the data comprises arranging for one of streaming, moving and copying of the 
data. 

19. A computer-readable medium encoded with a computer program which, 
when loaded into a processor, implements the method of claim 1. 

20. A system for distributing data (25), within a network (11), between a
source consumer (50) responsive to a first key distribution center (213) and a destination 
consumer (250) responsive to a second key distribution center (215), the data (25) 
originating from, and protected by predetermined intellectual property rights of, a third
party (20), the system comprising: 

a network communications interface (62/262/282) for receiving a request for 
transfer of the data (25) from the source consumer (50) to the destination consumer 
(250), and for transferring the data (25) from the source consumer (50) to the destination 
consumer (250), via the network (11), in a peer-to-peer manner in response to the request;
and 

an information processing system (64/264/284) in communication with the 
network communications interface, for processing the request received by the source 
network communications interface, and, based on the request, performing a method 
comprising: 

arranging for authentication of the destination consumer based on a service 
ticket issued by the first key distribution center; 

arranging for determining whether the destination consumer is authorized, in a 
manner specified by a first access condition based on the predetermined intellectual 
property rights of the third party, to receive the data from the source consumer; and 

based on a second access condition returned by the source consumer, 
arranging for transfer, via the network communications interface, of the data from the 
source consumer to the destination consumer, 

use of the data by the destination consumer restricted in a manner specified by the 
first and second access conditions. 

21. The system according to claim 20, wherein the network communications
interface (62, 262) is associated with a gateway device (50/250) of one of the source 
consumer and the destination consumer. 

22. The system according to claim 21, wherein the information processing
system comprises a processor (54) responsive to a computer-readable storage medium 
(52) and to a computer program (56), the computer program, when loaded into the 
processor, operative to perform the method. 

23. The system according to claim 22, wherein the processor is associated with
the gateway device. 

24. The system according to claim 20, wherein the network communications 
interface (282) is associated with a server (270) accessible to the source consumer via the 
network. 

25. The system according to claim 24, wherein the information processing 
system comprises a processor (24) responsive to a computer-readable storage medium 
(22) and to a computer program (26), the computer program, when loaded into the 
processor, operative to perform the method. 

26. The system according to claim 25, wherein the processor is associated with 
the server (270). 